Update many of the actions to their latest version (#1731)

* Update many of the actions to their latest version

* Fix CodeQL action

* Use the latest version for all images

* Whoops

* Use Ubuntu for the Peek Icons workflow

* Fix Peek Icons action

* Remove token

* chore: apply suggestions from code review

Co-authored-by: Jørgen Kalsnes Hagen <43886029+Snailedlt@users.noreply.github.com>

---------

Co-authored-by: Jørgen Kalsnes Hagen <43886029+Snailedlt@users.noreply.github.com>

Author: Panquesito7

.github/drafts/optimize_svg.yml

@@ -6,9 +6,9 @@ jobs:
   peek:
     name: Optimize the added/changed svgs
     if: github.event.label.name == 'bot:optimize'
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.head_ref }}
 

.github/drafts/stale.yml

@@ -5,7 +5,7 @@ on:
 
 jobs:
   stale:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latestlatest
     steps:
       - uses: actions/stale@main
         with:

.github/scripts/icomoon_peek.py

@@ -5,7 +5,7 @@
 def main():
     runner = None
     try:
-        args = arg_getters.get_selenium_runner_args(peek_mode=True)
+        args = arg_getters.get_selenium_runner_args(has_token=False, peek_mode=True)
         all_icons = filehandler.get_json_file_content(args.devicon_json_path)
 
         # get only the icon object that has the name matching the pr title

.github/workflows/check_icon_pr.yml

@@ -3,18 +3,18 @@ on: pull_request
 jobs:
   check:
     name: Check the `devicon.json` and the SVGs' quality
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     if: startsWith(github.event.pull_request.title, 'new icon') || startsWith(github.event.pull_request.title, 'update icon')  # only checks icon PR
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Check if PR is develop
         if: ${{ github.base_ref != 'develop' }}
         run: |
           echo -e "The PR's base branch is \`${{ github.base_ref }}\`, but should be \`develop\`\nPlease change the PR so that it's based on, and merged into \`develop\`" > ./err_messages.txt
           echo "wrong_branch=true" >> $GITHUB_ENV
       
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v4
         if: ${{ !env.wrong_branch }}
         with: 
           python-version: 3.8
@@ -32,7 +32,7 @@ jobs:
         run: python ./.github/scripts/check_icon_pr.py "$PR_TITLE" ./icons ./devicon.json
 
       - name: Upload the err messages
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: success()
         with:
           name: err_messages
@@ -46,7 +46,7 @@ jobs:
         run: echo $PR_NUM > pr_num.txt
 
       - name: Upload the pr num
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         if: success()
         with:
           name: pr_num

.github/workflows/codeql-analysis.yml

@@ -1,62 +1,61 @@
-name: "CodeQL"
+name: "Code Scanning - Action"
 
 on:
   push:
-    branches: [master]
+    branches: [master, develop]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [master]
+    branches: [master, develop]
   schedule:
-    - cron: '0 23 * * 4'
+    #        ┌───────────── minute (0 - 59)
+    #        │  ┌───────────── hour (0 - 23)
+    #        │  │ ┌───────────── day of the month (1 - 31)
+    #        │  │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │  │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        │  │ │ │ │
+    #        *  * * * *
+    - cron: '30 1 * * 0'
 
 jobs:
-  analyze:
-    name: Analyze
+  CodeQL-Build:
+    # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
 
-    strategy:
-      fail-fast: false
-      matrix:
-        # Override automatic language detection by changing the below list
-        # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python']
-        language: ['javascript']
-        # Learn more...
-        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
-      with:
-        # We must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event, then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
-      with:
-        languages: ${{ matrix.language }}
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        # Override language selection by uncommenting this and choosing your languages
+        with:
+          languages: javascript, python
+
+      # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
+      # If this step fails, then you should remove it and run the build manually (see below).
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+      # ✏️ If the Autobuild fails above, remove it and uncomment the following
+      #    three lines and modify them (or add more) to build your code if your
+      #    project uses a compiled language
+
+      #- run: |
+      #     make bootstrap
+      #     make release
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/in_develop_labeler.yml

@@ -5,15 +5,20 @@ on:
     types: 
       - completed
 jobs:
+  on-failure:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
+    steps:
+      - run: echo "First workflow was a failure"
   label_preflight:
     name: Label Issue In Develop
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Setup Python v3.8
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with: 
           python-version: 3.8
 

.github/workflows/npm_publish.yml

@@ -7,13 +7,13 @@ jobs:
     environment: release
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           # "ref" specifies the branch to check out.
           # "github.event.release.target_commitish" is a global variable and specifies the branch the release targeted
           ref: ${{ github.event.release.target_commitish }}
       - name: Use Node.js v16
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: 16
           registry-url: https://registry.npmjs.org/ # Specifies the registry, this field is required!

.github/workflows/peek_icons.yml

@@ -9,12 +9,12 @@ jobs:
     # fail due to system, skipped
     name: Peek Icons
     if: github.event.label.name == 'bot:peek'
-    runs-on: windows-2019
+    runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Setup Python v3.8
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with: 
           python-version: 3.8
 
@@ -38,11 +38,11 @@ jobs:
       - name: Run icomoon_peek.py
         env:
           PR_TITLE: ${{ github.event.pull_request.title }}
-        shell: cmd
+        shell: bash
         run: >
           python ./.github/scripts/icomoon_peek.py 
-          ./.github/scripts/build_assets/geckodriver-v0.32.2-win64/geckodriver.exe ./icomoon.json 
-          ./devicon.json ./icons ./ --headless "%PR_TITLE%"
+          ./.github/scripts/build_assets/geckodriver-v0.32.2-linux64/geckodriver ./icomoon.json 
+          ./devicon.json ./icons ./ --headless "$PR_TITLE"
 
       - name: Upload the err messages (created by icomoon_peek.py)
         uses: actions/upload-artifact@v2.2.4

.github/workflows/post_check_icon_pr_comment.yml

@@ -7,14 +7,14 @@ on:
 jobs: 
   post_result_of_svg_check:
     name: Post the result of the Check SVG Action
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - name: Check if the trigger run worked. If it failed, fail the current run.
         if: github.event.workflow_run.conclusion != 'success' 
         uses: cutenode/action-always-fail@v1.0.1
 
       - name: Download workflow artifact
-        uses: dawidd6/action-download-artifact@v2.11.0
+        uses: dawidd6/action-download-artifact@v2.26.1
         if: success()
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
@@ -24,19 +24,19 @@ jobs:
       - name: Read the pr_num file
         if: success()
         id: pr_num_reader
-        uses: juliangruber/read-file-action@v1.0.0
+        uses: juliangruber/read-file-action@v1.1.6
         with:
           path: ./pr_num/pr_num.txt
 
       - name: Read the err message file
         if: success()
         id: err_message_reader
-        uses: juliangruber/read-file-action@v1.0.0
+        uses: juliangruber/read-file-action@v1.1.6
         with:
           path: ./err_messages/err_messages.txt
 
       - name: Comment on the PR about the result - SVG Error
-        uses: jungwinter/comment@v1 # let us comment on a specific PR
+        uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR
         if: success() && (steps.err_message_reader.outputs.content != '')
         env:
           MESSAGE: |
@@ -61,7 +61,7 @@ jobs:
           body: ${{ format(env.MESSAGE, steps.err_message_reader.outputs.content) }}
 
       - name: Comment on the PR about the result - Failure
-        uses: jungwinter/comment@v1 # let us comment on a specific PR
+        uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR
         if: failure() 
         env:
           MESSAGE: |

.github/workflows/post_peek_screenshot.yml

@@ -7,7 +7,7 @@ on:
 jobs: 
   post_screenshots_in_comment:
     name: Post the screenshot
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     if: github.event.action == 'completed' && github.event.workflow_run.conclusion != 'skipped'
     env: 
       # three possible values: 'skipped', 'success', 'failure'
@@ -20,22 +20,22 @@ jobs:
         run: echo $PEEK_STATUS
 
       - name: Download workflow artifact
-        uses: dawidd6/action-download-artifact@v2.11.0
+        uses: dawidd6/action-download-artifact@v2.26.1
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           workflow: peek_icons.yml
           run_id: ${{ github.event.workflow_run.id }}
 
       - name: Read the pr_num file
         id: pr_num_reader
-        uses: juliangruber/read-file-action@v1.0.0
+        uses: juliangruber/read-file-action@v1.1.6
         with:
           path: ./pr_num/pr_num.txt
 
       - name: Read the err message file
         if: success()
         id: err_message_reader
-        uses: juliangruber/read-file-action@v1.0.0
+        uses: juliangruber/read-file-action@v1.1.6
         with:
           path: ./err_messages/err_messages.txt
 
@@ -81,7 +81,7 @@ jobs:
           client_id: ${{secrets.IMGUR_CLIENT_ID}}
 
       - name: Comment on the PR about the result - Success
-        uses: jungwinter/comment@v1 # let us comment on a specific PR
+        uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR
         if: env.PEEK_STATUS == 'success' && success()
         env:
           MESSAGE: |
@@ -138,7 +138,7 @@ jobs:
 
       - name: Comment on the PR about the result - Failure
         if: env.PEEK_STATUS == 'failure'
-        uses: jungwinter/comment@v1 # let us comment on a specific PR
+        uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR
         env:
           MESSAGE: |
             Hi there,
@@ -166,7 +166,7 @@ jobs:
           body: ${{ format(env.MESSAGE, steps.err_message_reader.outputs.content) }}
       - name: Comment on the PR about the result - Failure
         if: failure()
-        uses: jungwinter/comment@v1 # let us comment on a specific PR
+        uses: jungwinter/comment@v1.1.0 # let us comment on a specific PR
         env:
           MESSAGE: |
             Hi there,